Message-ID: <m1CRZHh-000puzC__4033.54558297924$1100031076$gmane$org@finlandia.Infodrom.North.DE>
Date: Tue, 9 Nov 2004 17:55:57 +0100 (CET)
From: joey@...odrom.org (Martin Schulze)
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 591-1] New libgd2 packages fix arbitrary code execution

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 591-1                     security@...ian.org
http://www.debian.org/security/                             Martin Schulze
November 9th, 2004                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : libgd2
Vulnerability  : integer overflows
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2004-0990
BugTraq ID     : 11523

"infamous41md" discovered several integer overflows in the PNG image
decoding routines of the GD graphics library.  This could lead to the
execution of arbitrary code on the victim's machine.

For the stable distribution (woody) these problems have been fixed in
version 1.8.4-17.woody3 of libgd1 and in version 2.0.1-10woody1 of
libgd2.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your libgd2 packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- --------------------------------

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBkPadW5ql+IAeqTIRAm0DAJ0Z8SHTJ+rF8QeMQEqj2R/+yHxlfACdFZuC
dK20hqEdstOJR6odJrbFMP8=
=4kbL
-----END PGP SIGNATURE-----
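
The advisory names the bug class (integer overflows while decoding image data) but does not show the affected code. The following is an added example, not GD's source and not part of the advisory: it contrasts an unchecked 32-bit size computation with a checked one. The function names and the 64 MiB limit are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>

/* Assumed policy limit for this example: refuse images above 64 MiB. */
#define MAX_IMAGE_BYTES ((uint64_t)64 * 1024 * 1024)

/* Unchecked pattern: 32-bit arithmetic on header fields wraps modulo 2^32,
 * so the allocation can be far smaller than the rows written into it. */
uint32_t naive_image_bytes(uint32_t width, uint32_t height, uint32_t channels)
{
    return width * height * channels;
}

/* Checked pattern: returns the buffer size in bytes, or 0 if a dimension
 * is zero or width * height * channels exceeds MAX_IMAGE_BYTES. */
size_t checked_image_bytes(uint32_t width, uint32_t height, uint32_t channels)
{
    uint64_t pixels;

    if (width == 0 || height == 0 || channels == 0)
        return 0;
    pixels = (uint64_t)width * height;       /* two 32-bit values fit in 64 bits */
    if (channels > MAX_IMAGE_BYTES / pixels) /* divide instead of multiplying */
        return 0;
    return (size_t)(pixels * channels);
}

/* Allocate a pixel buffer only when the size computation is sound;
 * returns NULL for rejected dimensions or when malloc fails. */
unsigned char *alloc_image(uint32_t width, uint32_t height, uint32_t channels)
{
    size_t bytes = checked_image_bytes(width, height, channels);

    if (bytes == 0)
        return NULL;
    return malloc(bytes);
}
```

With a width and height of 65536 and 4 channels, the unchecked computation yields 0 bytes, while the checked version rejects the image before any allocation takes place.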